A data processing agreement (DPA) is a contract between a data controller (such as a company) and a data processor (such as a third-party service provider). Its purpose is to regulate any personal data processing that occurs for business purposes. A DPA may also be referred to as a GDPR data processing agreement.
Data processing encompasses any operation in which data is collected, translated, communicated, and/or classified to produce meaningful information. Companies often hire third parties to process and analyze customers' personal data, which usually requires a DPA.